Hijacked Startup

Computing.Net > Forums > Security and Virus > Hijacked Startup

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Hijacked Startup

Name: jfox
Date: June 17, 2008 at 21:42:58 Pacific
OS: XP Home SP2
CPU/Ram: P4 2.8/256
Product: Dell Dim 2400

Comment:

My Startup list is hijacked with various .dlls that I can't seem to get rid of:
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2005-08-18 unins000.exe (51.41.0.0)
2008-02-18 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-06-03 Includes\Adware.sbi
2008-06-10 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-10 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-04 Includes\Hijackers.sbi
2008-06-03 Includes\HijackersC.sbi
2008-06-03 Includes\Keyloggers.sbi
2008-06-10 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-03 Includes\Malware.sbi
2008-06-11 Includes\MalwareC.sbi
2008-06-03 Includes\PUPS.sbi
2008-06-10 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-03 Includes\Spyware.sbi
2008-06-03 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-11 Includes\Trojans.sbi
2008-06-11 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, eTrustPPAP
command: "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
file: C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
size: 131072
MD5: 552DE618905FA02F143A89A7A403321A
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: EE2AC08BE7024A781DF6F40870ED748D
Located: HK_LM:Run, QOELOADER
command: "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
file: C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
size: 6656
MD5: 98D4D7DC7F03BFF6EC2140D3885253CD
Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Dell AIO Printer A920 (DISABLED)
command: "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
file: C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
size: 270336
MD5: 6E5C8AB8A941D098F8F2B5B23647174E
Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: FC9F5C5D87D0A6D1E10773D20CB3C3EF
Located: HK_LM:Run, Windows Defender (DISABLED)
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
Located: HK_CU:Run, DellSupport (DISABLED)
where: PE_C_RECOVERY...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: CEA4715092CB7984420DBC9F51FB4C35
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: PE_C_TAMMY MAGES...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-176616388-4123943577-2348866687-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-176616388-4123943577-2348866687-1008...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-176616388-4123943577-2348866687-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, yayyaxy
command: yayyaxy.dll
file: yayyaxy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Help!!!
jfox

Sponsored Link

Ads by Google

Response Number 1

Name: Brandon Winborne
Date: June 20, 2008 at 15:33:38 Pacific

Reply:

you can't use msconfig to prevent them from booting? can you rename them?
I'm here to help as best I can...

Dell AIO 962 hijack.startup hkcmd startup	how to remove INTERNET EXPLORER 8--HIJACKED STARTUP PAGES hijacked startup page in Vista browser hijack startup
See More

Red X virus Help!

Explorer.exe opens, close...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Hijacked Startup

hijacked auto-search

Summary

www.computing.net/answers/security/hijacked-autosearch/9194.html

hijack help for popnav

Summary

www.computing.net/answers/security/hijack-help-for-popnav/9506.html

Virus uses net1.exe! Hijack help!!

Summary

www.computing.net/answers/security/virus-uses-net1exe-hijack-help/7387.html

From the Geek Dictionary
Sucks - A verb used to indicate that something is unpleasant or that someone is bad...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes Today.
Discuss in The Lounge
Poll History

Recent Posts
aol with windows 7

Flash websites and possible virus threats

VPN Connection cannot access resources

can't open share

pioneer 110 rw/dvd/cd

All Awaiting Reply

Tom's News
New Final Fantasy XIII Trailer is 5 Minutes Long

TV Market to Launch Cross-Platform App Store

Microsoft Working on XBL Help, FAQ System?

Used ATM Machines for Sale on Craigslist

Rival Publishers Collaborate on iTunes-type Store

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE